[neurocat123]

I seem to be the only one with this opinion in this thread, so perhaps I'm misguided, but the reason I'm tired of these cookie permission pop-ups is that they strike me as security theatre. It's pretending to the end user that they have some control over being tracked or not, when we all know that they'll be tracked all the same, with non-cookie based fingerprinting methods. Can the "don't do evil things with user data" intent of this legislation not simply be subsumed under GDPR?

[dvdkon]

They're not actually cookie permission pop-ups (that was a previous law IIRC), they're much broader consent pop-ups about handling user data. You don't really have any assurance they're not tracking you after declining, but it would at least be grossly illegal.

[MauranKilom]

> Can the "don't do evil things with user data" intent of this legislation not simply be subsumed under GDPR?

It already is. Processing personal data requires a legitimate basis. Freely given consent is one of those, and the reason these companies are being fined is because "freely given" requires symmetry in accepting/rejecting. Without the symmetry, the companies had no legal basis for processing the data, so they got these fines.

It is harder to prove "evil things" in general, but the first step is preventing users from being coaxed into agreeing to "evil things" (or rather, making clear that this is illegal and will be punished).